Versions 1.6.8 and 1.4.13 of the open source Wireshark network protocol analyzer were released, fixing bugs and closing security holes. The maintenance and security updates to the cross-platform tool address three vulnerabilities that could be exploited by an attacker to cause a denial-of-service (DoS) condition. These include a memory allocation flaw in the DIAMETER dissector, infinite and large loops in eight other dissectors, and a memory alignment flaw when running on SPARC or Itanium processors. For an attack to be successful, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file. Versions 1.4.0 to 1.4.12 and 1.6.0 to 1.6.7 are affected; upgrading to 1.4.13 or 1.6.8 corrects these problems.
Anatomy of a LulzSec attack ‘singles out’ Web 2.0 weakness
A new report analyzing a recent attack on a military dating site underscores the need for stronger safeguards on social networks. As part of its Hacker Intelligence Initiative, database and application security provider Imperva deconstructed a March attack by the hacker collective LulzSec on MilitarySingles.com. By bypassing simple checks and filters, the group was able to steal sensitive data, including passwords on more than 170,000 members of the dating site. The “reborn” group posted the attack on Pastebin March 26. The attackers took advantage of a vulnerable area in developing social applications: consumer-created content. In the case of MilitarySingles.com, attackers leveraged the picture upload functionality. Hackers also took advantage of the dating site’s password management. Members’ secret codes were hashed with a weak MD5 algorithm and no additional salting to thwart a dictionary attack.
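The password-storage weakness named above (unsalted MD5), shown as an added example that is not from Imperva's report or the dating site's code: an unsalted MD5 store falls to one dictionary table shared across every user, while a per-user random salt with PBKDF2-HMAC-SHA256 from the standard library does not. The wordlist and passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a real dictionary.
WORDLIST = ["password", "123456", "letmein", "qwerty", "army2012"]


def md5_unsalted(password: str) -> str:
    """The weak scheme: one MD5 digest per password, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def dictionary_lookup(stored_hash: str, wordlist=WORDLIST):
    """Audit check: does an unsalted hash fall to a single precomputed table?
    One table serves every user because no salt differentiates them."""
    table = {md5_unsalted(w): w for w in wordlist}
    return table.get(stored_hash)  # matching word, or None if not in the list


def pbkdf2_hash(password: str, salt: bytes = None, iterations: int = 200_000):
    """Hardened scheme: 16-byte random per-user salt plus a slow iterated hash.
    Returns (salt, derived_key); both are stored, the salt need not be secret."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk


def pbkdf2_verify(password: str, salt: bytes, stored_dk: bytes, iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, dk = pbkdf2_hash(password, salt, iterations)
    return hmac.compare_digest(dk, stored_dk)


def demo():
    # Two members who happen to share the same password.
    h1, h2 = md5_unsalted("letmein"), md5_unsalted("letmein")
    same_unsalted = h1 == h2          # True: identical hashes expose password reuse
    cracked = dictionary_lookup(h1)   # "letmein": recovered from the shared table

    s1, k1 = pbkdf2_hash("letmein")
    s2, k2 = pbkdf2_hash("letmein")
    same_salted = k1 == k2            # False: different salts, different hashes
    ok = pbkdf2_verify("letmein", s1, k1)      # True
    bad = pbkdf2_verify("letmein1", s1, k1)    # False
    return same_unsalted, cracked, same_salted, ok, bad
```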
Windows Vista infection rates climb, says Microsoft
Microsoft said the week of May 14 that a skew toward more exploits on Windows Vista can be attributed to the demise of support for the operating system’s first service pack. Data from the company’s newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17 percent more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly 11-year-old operating system. That is counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions such as XP. Some editions of Windows 7, for example, boast an infection rate half that of XP. The director of Microsoft’s Trustworthy Computing group attributed the rise of successful attacks on Vista SP1 to the edition’s retirement from security support. Microsoft stopped delivering patches for Vista SP1 in July 2011. For the bulk of the reporting period, then, Vista SP1 users did not receive fixes to flaws, including some that were later exploited by criminals. Vista SP2 will continue to be patched until mid-April 2017.
Google will alert users to DNSChanger malware infection
Google began to notify about half a million people their computers are infected with the DNSChanger malware. The effort, which began May 22, is designed to let those people know their Internet connections will stop working July 9, when temporary servers set up by the FBI to help DNSChanger victims are scheduled to be disconnected. “The warning will be at the top of the search results page for regular searches and image searches and news searches,” a Google security engineer said.
Blizzard: Battle.net account theft increase normal, hacking not issue
Blizzard responded to the recent upswing of stolen Battle.net accounts since the release of Diablo III. Although critics might be tempted to blame Blizzard’s security, the game company said every complaint it investigated led to a single conclusion: the thief had the user’s password. Although the true origins of recent account intrusions remain uncertain, it is highly probable that phishing, untrustworthy third-party software, and poorly protected passwords led to unauthorized account access.
Malware ‘licensing’ could stymie automated analysis
The Flashback trojan, which started spreading in September 2011, consists of a number of components, including a downloader that infects systems and modules fetched from Internet hosts to add functionality to the trojan. Such a division of labor is standard for botnets and trojan downloaders. However, the attack tool’s use of encryption to bind downloaded modules to the infected system — similar to how digital-rights-protected content is licensed and bound to a single playback device — is new. The problem for security firms and researchers is that encrypted malware makes automated malware analysis much harder, said a research scientist at the Georgia Institute of Technology’s Information Security Center.
CompSci eggheads to map Android malware genome
Mobile security researchers are teaming up to share samples and data on malware targeting the Android platform. The Android Malware Genome Project, led by a computer science researcher at North Carolina State University, aims to boost collaboration in defending against the growing menace of mobile malware targeting Android-based smartphones from companies such as HTC and Samsung. The North Carolina State team was the first to identify dozens of Android malware programs, including DroidKungFu and GingerMaster. The project is designed to facilitate the sharing of Android malware code between security researchers, along the same lines as the long-standing malware sample sharing projects already set up by Windows antivirus software developers. The project has already collected more than 1,200 pieces of Android malware.
Banking malware spies on victims by hijacking webcams, microphones
A new variant of SpyEye malware allows cybercriminals to monitor potential bank fraud victims by hijacking their Web cams and microphones, according to security researchers from Kaspersky Lab May 21. SpyEye is a computer trojan that specifically targets online banking users. Like its older cousin, Zeus, SpyEye is no longer being developed by its original author but is still widely used by cybercriminals. SpyEye’s plug-in-based architecture allows third-party malware developers to extend its original functionality, a Kaspersky Lab malware researcher said. This is exactly what happened with the new Web cam and microphone spying feature, implemented as a SpyEye plug-in called flashcamcontrol.dll, he said. As suggested by the DLL’s name, the malware accesses the two computer peripherals by leveraging Flash Player, which has Web cam and microphone control functionality built in. Under normal circumstances, users get prompted to manually allow Web sites to control their computers’ Web cam and microphone via Flash. However, the SpyEye plug-in silently whitelists a list of online banking Web sites by directly modifying Flash Player configuration files.
Feds bust multi-million dollar identity theft ring
Homeland Security investigators said they found a laptop computer, a credit card reader, and other evidence in the southwest Miami-Dade, Florida home of a man accused of masterminding a multi-million dollar identity theft ring stretching from south Florida to Canada and eastern Europe, WFOR 4 Miami reported May 22. A federal agent said the man made tons of phony credit cards out of his home — realistic even down to the foil markings on the back of the card. Agents said he made the cards with thousands of stolen credit card numbers purchased from criminal groups in Canada and Eastern Europe. It is believed the stolen numbers were acquired in a myriad of ways, including home break-ins and large-scale thefts of data. The federal agent said the man had his employees buy prepaid gift cards with the phony credit cards, which made it more difficult to trace his operation. She said those gift cards were then sold at a discount online. Investigators believe the operation made at least $4 million. When the feds searched the man’s house, they found small bags crammed full of fraudulent credit cards and a hard drive with a trove of credit card numbers. Federal investigators said the man pleaded guilty to the charges.
Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.